fleet

mirror of https://github.com/fleetdm/fleet synced 2026-04-21 21:47:20 +00:00

History

Jonathan Katz c8aa5557ac #31474 MSRC has incorrectly named CVEs. This PR removes them from the generated file. (#31851 ) Fixes: #31474 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [x] QA'd all new/changed functionality manually ### How I tested it - Ran the unmodified script with `go run cmd/msrc/generate.go` - Checked the the file `msrc_out/fleet_msrc_Windows_11-2025_08_12.json` contains CVE-2025-36350 and CVE-2025-36357 I tested the next situations with the feed existing and deleted - Ran the new code with `go run cmd/msrc/generate.go` - Checked same file and the two CVE's were not present. Tested in fleet ui by - Set up a host with Windows 11 Pro 24H2 10.0.26100.4061 so CVE-2025-3635(0/7) will show up. - Manually changed the msrc_Windows11... file in /tmp/vulndbs to the one generated with the fix. - Searched in Software > Vulnerabilities and could not find CVE-2025-3635(0/7) anymore. --------- Co-authored-by: Anthony Maxwell <133805840+Illbjorn@users.noreply.github.com>	2025-08-21 12:41:53 -04:00
..
generate.go	#31474 MSRC has incorrectly named CVEs. This PR removes them from the generated file. (#31851 )	2025-08-21 12:41:53 -04:00

#31474 MSRC has incorrectly named CVEs. This PR removes them from the generated file. (#31851 )

Fixes: #31474 

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
## Testing

- [x] QA'd all new/changed functionality manually

### How I tested it
- Ran the unmodified script with `go run cmd/msrc/generate.go`
- Checked the the file `msrc_out/fleet_msrc_Windows_11-2025_08_12.json`
contains CVE-2025-36350 and CVE-2025-36357

I tested the next situations with the feed existing and deleted
- Ran the new code with `go run cmd/msrc/generate.go` 
- Checked same file and the two CVE's were not present.

Tested in fleet ui by
- Set up a host with Windows 11 Pro 24H2 10.0.26100.4061 so
CVE-2025-3635(0/7) will show up.
- Manually changed the msrc_Windows11... file in /tmp/vulndbs to the one
generated with the fix.
- Searched in Software > Vulnerabilities and could not find
CVE-2025-3635(0/7) anymore.

---------

Co-authored-by: Anthony Maxwell <133805840+Illbjorn@users.noreply.github.com>

2025-08-21 12:41:53 -04:00

generate.go

#31474 MSRC has incorrectly named CVEs. This PR removes them from the generated file. (#31851 )

2025-08-21 12:41:53 -04:00